Sign-up

ID

VAR-202206-2306


CVE

CVE-2022-32585


TITLE

robustel  of  r1510  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-012755

DESCRIPTION

A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. robustel of r1510 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Robustel R1510 is an industrial VPN router from China Robustel company

Trust: 2.25

sources: NVD: CVE-2022-32585 // JVNDB: JVNDB-2022-012755 // CNVD: CNVD-2022-51427 // VULMON: CVE-2022-32585

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-51427

AFFECTED PRODUCTS

vendor:robustelmodel:r1510scope:eqversion:3.3.0

Trust: 1.6

vendor:robustelmodel:r1510scope: - version: -

Trust: 0.8

vendor:robustelmodel:r1510scope:eqversion: -

Trust: 0.8

vendor:robustelmodel:r1510scope:eqversion:r1510 firmware 3.3.0

Trust: 0.8

sources: CNVD: CNVD-2022-51427 // JVNDB: JVNDB-2022-012755 // NVD: CVE-2022-32585

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32585
value: CRITICAL

Trust: 1.0

talos-cna@cisco.com: CVE-2022-32585
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-32585
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-51427
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202206-2900
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-32585
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-32585
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-51427
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-32585
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2022-32585
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2022-32585
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-51427 // VULMON: CVE-2022-32585 // JVNDB: JVNDB-2022-012755 // CNNVD: CNNVD-202206-2900 // NVD: CVE-2022-32585 // NVD: CVE-2022-32585

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-489

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-012755 // NVD: CVE-2022-32585

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2900

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-2900

PATCH

title:Patch for Robustel R1510 Command Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/339301

Trust: 0.6

title:Robustel R1510 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198388

Trust: 0.6

sources: CNVD: CNVD-2022-51427 // CNNVD: CNNVD-202206-2900

EXTERNAL IDS

db:NVDid:CVE-2022-32585

Trust: 3.9

db:TALOSid:TALOS-2022-1570

Trust: 2.5

db:JVNDBid:JVNDB-2022-012755

Trust: 0.8

db:CNVDid:CNVD-2022-51427

Trust: 0.6

db:CS-HELPid:SB2022071513

Trust: 0.6

db:CNNVDid:CNNVD-202206-2900

Trust: 0.6

db:VULMONid:CVE-2022-32585

Trust: 0.1

sources: CNVD: CNVD-2022-51427 // VULMON: CVE-2022-32585 // JVNDB: JVNDB-2022-012755 // CNNVD: CNNVD-202206-2900 // NVD: CVE-2022-32585

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2022-1570

Trust: 3.1

url:https://cxsecurity.com/cveshow/cve-2022-32585/

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32585

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022071513

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-51427 // VULMON: CVE-2022-32585 // JVNDB: JVNDB-2022-012755 // CNNVD: CNNVD-202206-2900 // NVD: CVE-2022-32585

CREDITS

Discovered by Francesco Benvenuto of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202206-2900

SOURCES

db:CNVDid:CNVD-2022-51427
db:VULMONid:CVE-2022-32585
db:JVNDBid:JVNDB-2022-012755
db:CNNVDid:CNNVD-202206-2900
db:NVDid:CVE-2022-32585

LAST UPDATE DATE

2024-08-14T13:22:04.698000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-51427date:2022-07-14T00:00:00
db:VULMONid:CVE-2022-32585date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2022-012755date:2023-09-01T08:14:00
db:CNNVDid:CNNVD-202206-2900date:2022-07-18T00:00:00
db:NVDid:CVE-2022-32585date:2022-07-12T19:44:25.667

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-51427date:2022-07-14T00:00:00
db:VULMONid:CVE-2022-32585date:2022-06-30T00:00:00
db:JVNDBid:JVNDB-2022-012755date:2023-09-01T00:00:00
db:CNNVDid:CNNVD-202206-2900date:2022-06-30T00:00:00
db:NVDid:CVE-2022-32585date:2022-06-30T19:15:08.340